Amazon drops encryption from Kindle and Fire tablets

Retailer claims nobody used the encryption feature

Amazon has removed the ability to encrypt data on its Fire tablets, Kindle eBooks and other streaming devices with the latest update to its Fire OS.

The move could leave users of its devices without the means to secure confidential documents, financial information and other private information.

The removal was discovered by security researcher David Scovetta, who tweeted a screen grab of the Fire HD tablet update, which read: "Your device has encrypted data. However, device encryption is no longer supported in Fire OS 5. Follow the steps outlined below to save your data."

Users on Amazon’s Kindle support forums have been up in arms over the removal.

Amazon's Fire OS is based on a fork of Android that supports full-disk encryption by default. Fire OS 5 is the first release to use the Android 5.0 Lollipop code.

The update leaves users with two choice: update and lose encryption or stay on an operating system that could potentially harbour vulnerabilities. Neither are desirable from a security perspective.

In a press statement, Amazon said that when Fire OS 5 was released it “removed some enterprise features that we found customers weren’t using".

“All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption," it added.

In other words, Amazon encrypts data on the go but not when it is stored locally.

The decision to remove encryption is at odds with Amazon’s support for Apple in its fight against the FBI. Amazon chief technology officer Werner Vogels also voiced support for Apple at the Mobile World Congress recently.

According to the Arc tech blog, he said that the moment backdoors are in encryption, “you can no longer trust the technology that you have that you are the only one has access to your data.”

“So we are very strong believers that encryption should be in the hands of our customers and they should be the ones who decide who has access to the data and nobody else,” he said.